CVE-2017-8217

EUVD-2017-17179
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
tp-linkc2_firmware
𝑥
≤ 0.9.1_4.2_v0032.0_build_160706
tp-linkc20i_firmware
𝑥
≤ 0.9.1_4.2_v0032.0_build_160706
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html